[ISN] Software Hits Back at Hacker with Viruses

From: mea culpa (jerichoat_private)
Date: Fri May 29 1998 - 18:16:26 PDT

    Forwarded From: Nicholas Charles Brawn <ncb05at_private>
    
    [This looks similar to the press releases we saw concerning the
     "Blitzkrieg" server (if it isn't the same product). The most worrying
     line I saw was: "Then he [the administrator] can decide on the ultimate
     revenge and have the sentries gain entrance to the hacker's computer and
     plant a virus". 
    
     Of course, I'm sure it has anti-spoofing routines built in... :) - Nick]
    
    [Moderator: One thing these programs fail to think of.. if a hacker is
     using another system, then the software will illegally hack an innocent
     system as retaliation. Of course, that is if any of this exists which
     I highly doubt (and certainly hope doesn't exist).]
    
    
    24May98 USA: SOFTWARE HITS BACK AT HACKER WITH VIRUSES - INNOVATION -
    SECURITY.
    
    By Sean Hargrave.
    
    SOFTWARE that can detect an attack by hackers and retaliate by sending a
    computer virus will be unveiled next month, writes Sean Hargrave.  Larry
    Wood, co-founder of the Future Vision Group, based in Santa Fe, explains
    that his software is basically a group of sentries that can be deployed
    across a company's computer network and, if needed, the Internet.  The
    sentries stand guard at switches that allow traffic in and out of a
    system. 
    
    If an abnormal amount of data is detected coming from an unusual source,
    the sentries "chat" among themselves to decide if the data should be
    allowed to pass. If they decide to hold it up, a message is sent to a
    system administrator for advice. 
    
    The administrator has the option of asking the sentries to track the path
    of the data and identify its source. Then he can decide on the ultimate
    revenge and have the sentries gain entrance to the hacker's computer and
    plant a virus. 
    
    A prototype version of the Network Lightning Server is being examined by
    the FBI after the software highlighted an attack from teenage hackers
    using pornographic messages to entice staff at blue-chip companies,
    intelligence agencies, university and military establishments to reveal
    e-mail addresses. 
    
    Special Agent Doug Beldon, from the FBI's Albuquerque office, New Mexico,
    has confirmed agency interest, but refuses to comment further.  The
    hackers came to light last summer when thousands of e-mails were scattered
    across the Net offering access to pictures of underage Japanese girls. 
    
    To cover their tracks, the Japanese group sent its pornographic invitation
    through a San Francisco computer specialist, Quick Print. They were able
    to do this because a sacked employee gave them the passwords.  The message
    invited people offended by the lewd invitation to send back an e-mail
    asking to be removed from the pornographer's mailing list so they would
    not be troubled again. 
    
    According to Wood, the offer to be removed from the list was a trap. "They
    had no idea whether they had the right e-mail addresses so they needed
    people to get disgusted with the offer of illicit material," he says. "As
    soon as they answered and asked to be removed, the hackers had their
    e-mail address and the address of their host server." 
    
    A "server" is the computer that, like an electric postman, delivers and
    receives e-mail. Armed with an e-mail address and the identity of its
    local server, the hackers immediately established a point of entry. 
    
    Once hackers had gained the identities they were after, they decided to
    lie low. But at the start of this month they began to use the identities. 
    The Japanese hackers are using software that logs on to a computer network
    as the person whose identity has been stolen. It then looks for password
    files that it can copy, which can then be examined and decrypted by the
    hackers. 
    
    The attack is still going on, and the FBI has not ascertained how many
    passwords have been stolen. However, most of the targets, including the
    FBI, have been warned and e-mail addresses altered, or more robust
    screening software put in place to defend systems against the hackers. 
    
    SUNDAY TIMES 24/05/98 
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    


